<?php
session_start();

$user_id = $_SESSION['user_id'];
//echo 'User id ' . $user_id . '<br>'; 

//Mysql configuration that has user names and passwords
include_once 'admin/config.php';
include_once 'classes/database.php';
include_once 'classes/supervisor.php';
include_once 'classes/subject.php';

//$dbo = Database::getDBOInstance();

$connection = mysql_connect($db_host , $db_username, $db_password);
$db = mysql_select_db($db_name);

if ($user_id) {
	//Look into the action
	if ($_GET['action']) {
		//Show page accordingly
		
		switch ($_GET['action']) {
			case 'home': case 'index':
				include 'index.page.php';
				break;
				
			case 'drop':
				/* Drop is triggered when user clicks on the 'drop' link in the table that contains
				 * the current allocations. the index.page.php has the handler for the drop funtion.
				 * and there for that page needs to be loaded once again */
				include 'index.page.php';
				break;
				
			case 'search':
				/* 'search' is handled by the 'add.page.php' page. It needs to be included to this page
				 * to get its funcitonality. On submit of the 3 buttons it has, a GET variable named 
				 * 'search' will be sent, thus always loading the same page */
				include 'add.page.php';
				break;
				
			case 'login':
				include 'login.page.php';
				break;
			
			case 'login_process':
				/* Login process will take arguments from the 'login.page.php' submission and
				 * would handle the login function. */
				login_user();
				break;
				
			case 'logout':
				logout_user();
				break;
				
			case 'change_pwd':
				//This will show the change password form to the user
				include 'changepwd.page.php';
				break;
				
			case 'changepwd_process':
				change_pwd($_GET['old_pwd'], $_GET['new_pwd'], $_GET['new_pwd_confirm']);
				break;
				
			case 'changeprofile':
				include 'editinfo.page.php';
				break;
			
			case 'changeprofile_process':
				changeProfile($_GET['new_name'], $_GET['new_available']);
				include 'index.page.php';
				break;
			
			default:
				include 'index.page.php';
				break;	
		}
		
	}
	elseif ($_POST['action']) {
		//Should be about the login
		if ($_POST['action'] == 'changepwd_process') {
			//echo 'here';
			change_pwd($_POST['old_pwd'], $_POST['new_pwd'], $_POST['new_pwd_confirm']);
		}
	}
	else {
		//Show the default page	
		include 'index.page.php';
	}	
}
else {
	/* The user is not logged on, if he / she is not logged on we need to show him the 
	 * Login page. If he is trying to login, that is by using POST variables, we need to
	 * use them to login the user. Depending on its sucess, login_user() will either
	 * direct user back to the login page or would show the home page. */
	if ($_POST['action']) {
		
		if ($_POST['action'] == 'login_process')
			login_user($_POST['login_username'], $_POST['login_password']);
		else
			//Unknown POST event
			include 'login.page.php';
			
	}
	else {
		//User not logged in, show the login page
		include 'login.page.php';
	}
}

/**
 * 
 * This method will take user credentials and if they are correct to be of a sase_supervisor,
 * he / she would be logged in by passing a session variable 'user_id'
 *
 * @param String $username Username / Email of the supervisor
 * @param String $password Password of the user
 */
function login_user($username, $password) {
	global $user_id;
	//Check databases for any users with the given username and password
	$query = "select * from sase_supervisor where sup_id = '$username' and sup_pwd = '$password'";
	//echo $query;
	$result = mysql_query($query) or die( mysql_error() );
	
	if ( mysql_num_rows($result) == 1 ) {
		//User is valid, there is one user, add session data to enable user login
		$_SESSION['user_id'] = $username;
		
		$user_id = $username;
		
		//Show the home page that contains user subscriptions
		include 'index.page.php';
	}
	else {
		//There is some thing wrong with the login
		include 'login.page.php';	
	}
}

/**
 * 
 * This method will destroy the present session killing session variable. Hence 'user_id'
 * will too be destroyed and the user would need to login to reach the home page.
 */
function logout_user() {
	session_destroy();
	include 'login.page.php';
}

function change_pwd($old_pwd, $new_pwd, $new_pwd_confirm) {
	global $user_id;
	
	if ( strcmp($new_pwd, $new_pwd_confirm) != 0 ) {
		//Passwords do not match, show same page
		include 'changepwd.page.php';	echo 'length not match';
	}
	else {
	
		if ( Supervisor::updatePassword($user_id, $old_pwd, $new_pwd) == FALSE ) {
			//Not authenticated show form again
			include 'changepwd.page.php'; exit();
		}
        
        include 'index.page.php';
        /*
		//Check if the old password is correct
		$query = "select * from sase_supervisor where sup_id = '$user_id' and sup_pwd = '$old_pwd'";
		$result = mysql_query($query);
		
		if ( mysql_num_rows ($result) == 1 ) {
			//Authenticated, change password	
			$query = "update sase_supervisor set sup_pwd = '$new_pwd' where sup_id = '$user_id'";
			$result = mysql_query($query);
		}
		else {
			//Not authenticated show form again
			include 'changepwd.page.php';	
		}*/
	}
}

function changeProfile($newName, $newAvailability){
	global $user_id;
	
	if (! ($newAvailability == 1) ) $newAvailability = 0;
	Supervisor::updateInformation($user_id, $newName, $newAvailability);	
}

?>